CVE-2024-27255
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 283905.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| IBM | MQ Operator | 2.0.0 LTS <= 2.0.18 LTS | affected |
| IBM | MQ Operator | 2.4.0 <= 2.4.7 | affected |
| IBM | MQ Operator | 2.3.0 <= 2.3.3 | affected |
| IBM | MQ Operator | 2.2.0 <= 2.2.2 | affected |
| IBM | MQ Operator | 3.0.0 CD <= 3.0.1 CD | affected |
Weaknesses
- CWE-327: CWE-327 Use of a Broken or Risky Cryptographic Algorithm
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://www.ibm.com/support/pages/node/7126571
- https://exchange.xforce.ibmcloud.com/vulnerabilities/283905
References
- https://www.ibm.com/support/pages/node/7126571
- https://exchange.xforce.ibmcloud.com/vulnerabilities/283905
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.